Cyber Security News

Critical Google Cloud’s SQL Service Flaw Exposes Sensitive Data

Google recently fixed a critical Cloud SQL database service flaw that could have been exploited to access sensitive data and breach other cloud services.

On May 25th, Dig Security researchers uncovered this security gap in the CloudSQL service of GCP, enabling unauthorized access to various database engines like:- 

  • MySQL
  • PostgreSQL
  • SQL Server

Google Cloud’s SQL Service Flaw

Dig Security’s Ofrir Balassiano and Ofrir Shaty disclosed that:- 

“Exploiting the vulnerability granted them the ability to elevate privileges and assign a user to the highly privileged DbRootRole role in GCP.”

Leveraging a critical misconfiguration in the roles-permissions architecture, they escalated their privileges.

They obtained a system administrator role, granting them complete control over the SQL Server and enabling access to the underlying operating system.

Db Role

The researchers affirmed that they gained the ability to retrieve sensitive files, view privileged paths, extract passwords, and access secrets from the host operating system.

They also highlighted the potential for further escalation to other environments through the underlying service agents.


While apart from this, Dig Security discovered the flaw in Google’s Cloud SQL database service in February and notified Google. 

After they had been notified, Google promptly fixed the issue in April and rewarded Dig Security researchers a bug bounty reward under their bug bounty program.

In addition, security analysts also discovered another crucial flaw within the permission structure, allowing them to elevate privileges and grant their users the coveted ‘sysadmin’ role.

Escalation of a user rule

Unauthorized access to internal data such as secrets, URLs, and passwords poses a significant security risk, as demonstrated by their ability to obtain sensitive information from Google’s docker image repository before the issue was resolved and non-internal IP access was restricted.

Research Timelines

Here below, we have mentioned the complete research timelines:-

  • February 5th, 2023: GCP CloudSQL vulnerability discovered by Dig’s research team.
  • February 13th, 2023: Google’s vulnerability reward program identified activity and contacted Dig’s research team.
  • During April 2023: The vulnerability was successfully addressed and resolved.
  • April 25, 2023: Experts were rewarded by the GCP VRP program.

Deploying a Data Security and Privacy Management (DSPM) solution can safeguard organizations from vulnerabilities by identifying and protecting their most sensitive data through encryption, containing potential breaches, and minimizing exposure.

Guru Baran

Guru is an Ex-Security Engineer at Comodo Cybersecurity. Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Cryptojacking Campaign Infected Online Thesaurus With Over 5 Million Visitors

Students, authors, and anybody else wishing to improve their vocabulary and language abilities frequently utilize…

1 day ago

Gold Melody Attacking Organizations With Burp Extension, Mimikatz, and Other Tools

The financially motivated GOLD MELODY threat group has been active at least since 2017, attacking…

2 days ago

MOVEit Transfer SQL Injection Let the Attacker Gain Unauthorized Access to the Database

MOVEit transfer service pack has been discovered with three vulnerabilities associated with SQL injections (2)…

2 days ago

LUCR-3 Attacking Fortune 2000 Companies Using Victims’ Own Tools & Apps

A new financially motivated threat group named “LUCR-3” has been discovered targeting organizations to steal…

2 days ago

Is QakBot Malware Officially Dead?

Only a few malware families can claim to have persisted for nearly twenty years, and…

2 days ago

System Admin Pleads Guilty for Selling Pirated Business Phone Software Licenses

For taking part in a large international scheme to earn millions of dollars by selling pirated…

3 days ago